Премини към съдържанието

Препоръчан отговор


Здравейте, бихте ли ми казали дали имам повод за притеснение. Клавиатурата ми и мишката отказват на моменти, което ме навежда на мисълта че е заразена машината. Работи бавно и ми дава на моменти син екран. Прилагам логовете:

DDS:

 

DDS (Ver_2011-09-30.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by MONI at 14:35:59 on 2013-05-11
Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.894.97 [GMT 3:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32PAStiSvc.exe
C:Program FilesTeamViewerVersion8TeamViewer_Service.exe
C:Program FilesVIAVIAudioiHDADeckHDeck.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesSkypePhoneSkype.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTeamViewerVersion8TeamViewer.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesTeamViewerVersion8tv_w32.exe
C:WINDOWSSystem32alg.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesMozilla Firefoxfirefox.exe
c:program filesteamviewerversion8TeamViewer_Desktop.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSsystem32svchost.exe -k DcomLaunch
C:WINDOWSsystem32svchost.exe -k rpcss
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k NetworkService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119529&babsrc=HP_ss&mntrId=5C83002268826863
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
uRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
mRun: [HDAudDeck] c:program filesviaviaudioihdadeckHDeck.exe 1
mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min
dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
TCP: NameServer = 89.215.233.2 89.215.246.40
TCP: Interfaces{A48477B5-DFB6-4E66-93CA-3491DD09FD48} : DHCPNameServer = 89.215.233.2 89.215.246.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication26.0.1410.64installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:documents and settingsmoniapplication datamozillafirefoxprofiles5w3wuf8l.default
FF - plugin: c:documents and settingsall usersapplication datanexoneungmnpNxGameeu.dll
FF - plugin: c:program filesadobereader 9.0readerairnppdf32.dll
FF - plugin: c:program filesgoogleupdate1.3.21.145npGoogleUpdate3.dll
FF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_135.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.tuvaro.hpOld0 - 
FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=main&toolbarid=base&u=5c8395d3000000000000002268826863&q=
FF - user.js: extensions.tuvaro.id - 5c8395d3000000000000002268826863
FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
FF - user.js: extensions.tuvaro.instlDay - 15812
FF - user.js: extensions.tuvaro.vrsn - 1.8.17.1
FF - user.js: extensions.tuvaro.vrsni - 1.8.17.1
FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.114:03:46
FF - user.js: extensions.tuvaro.prtnrId - tuvaro
FF - user.js: extensions.tuvaro.prdct - tuvaro
FF - user.js: extensions.tuvaro.aflt - orgnl
FF - user.js: extensions.tuvaro.smplGrp - none
FF - user.js: extensions.tuvaro.tlbrId - base
FF - user.js: extensions.tuvaro.instlRef - 9e9471a2
FF - user.js: extensions.tuvaro.dfltLng - 
FF - user.js: extensions.tuvaro.excTlbr - false
FF - user.js: extensions.tuvaro.ffxUnstlRst - false
FF - user.js: extensions.tuvaro.admin - false
FF - user.js: extensions.tuvaro.cam - 
FF - user.js: extensions.tuvaro.autoRvrt - false
FF - user.js: extensions.tuvaro.rvrt - false
FF - user.js: extensions.tuvaro.hmpg - true
FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=homepage&toolbarid=base&u=5c8395d3000000000000002268826863
FF - user.js: extensions.tuvaro.dfltSrch - true
FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=9e9471a2&tbp=url&toolbarid=base&u=5c8395d3000000000000002268826863&q=
FF - user.js: extensions.tuvaro.dnsErr - true
FF - user.js: extensions.tuvaro.newTab - true
FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=9e9471a2&tbp=tab&u=5c8395d3000000000000002268826863
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 5c8395d3000000000000002268826863
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15812
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:06:01
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:windowssystem32driversmv61xxmm.sys [2012-7-12 13616]
R0 mv64xxmm;mv64xxmm;c:windowssystem32driversmv64xxmm.sys [2012-7-12 5632]
R0 mvxxmm;mvxxmm;c:windowssystem32driversmvxxmm.sys [2012-7-12 13616]
R0 nvlegacy;nvlegacy;c:windowssystem32driversnvlegacy.sys [2012-7-12 100736]
R1 avkmgr;avkmgr;c:windowssystem32driversavkmgr.sys [2013-1-6 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:program filesaviraantivir desktopsched.exe [2013-1-6 86752]
R2 AntiVirService;Avira Real-Time Protection;c:program filesaviraantivir desktopavguard.exe [2013-1-6 110816]
R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2013-1-6 84744]
R2 TeamViewer8;TeamViewer 8;c:program filesteamviewerversion8TeamViewer_Service.exe [2013-3-5 3574624]
R3 MonitorFunction;Driver for Monitor;c:windowssystem32driversTVMonitor.sys [2013-2-3 13304]
R3 PAC207;SoC PC-Camer@;c:windowssystem32driverspfc027.sys [2005-2-24 162176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:windowssystem32driversviahduaa.sys [2012-12-8 279680]
S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2013-1-12 116648]
S3 vtany;vtany;??c:windowsvtany.sys --> c:windowsvtany.sys [?]
S3 xhunter1;xhunter1;??c:windowsxhunter1.sys --> c:windowsxhunter1.sys [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2012-7-12 250808]
S4 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384]
.
=============== Created Last 30 ================
.
2013-04-18 13:37:10 -------- d-----w- c:documents and settingsall usersapplication dataInterAction studios
2013-04-17 15:58:18 -------- d-----w- c:windowssystem32appmgmt
2013-04-17 11:05:32 -------- d-----w- c:documents and settingsmoniapplication dataBabylon
2013-04-17 11:05:32 -------- d-----w- c:documents and settingsall usersapplication dataBabylon
2013-04-17 11:03:19 -------- d--h--w- c:windowssystem32GroupPolicy
2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb1.bin
2013-04-14 00:02:47 1072544 ----a-w- c:windowssystem32nvdrsdb0.bin
2013-04-14 00:02:47 1 ----a-w- c:windowssystem32nvdrssel.bin
2013-04-14 00:02:08 -------- d-----w- c:program filesNVIDIA Corporation
2013-04-11 19:20:18 26520 ----a-w- c:program filesmozilla firefoxplugin-hang-ui.exe
2013-04-11 19:20:01 96664 ----a-w- c:program filesmozilla firefoxwebapprt-stub.exe
2013-04-11 19:20:01 19352 ----a-w- c:program filesmozilla firefoxxpcom.dll
2013-04-11 19:20:01 18581400 ----a-w- c:program filesmozilla firefoxxul.dll
2013-04-11 19:20:00 92056 ----a-w- c:program filesmozilla firefoxsmime3.dll
2013-04-11 19:20:00 867000 ----a-w- c:program filesmozilla firefoxuninstallhelper.exe
2013-04-11 19:20:00 272280 ----a-w- c:program filesmozilla firefoxupdater.exe
2013-04-11 19:20:00 170232 ----a-w- c:program filesmozilla firefoxwebapp-uninstaller.exe
2013-04-11 19:20:00 157080 ----a-w- c:program filesmozilla firefoxssl3.dll
2013-04-11 19:20:00 152472 ----a-w- c:program filesmozilla firefoxsoftokn3.dll
.
==================== Find3M  ====================
.
2013-03-27 15:22:35 84744 ----a-w- c:windowssystem32driversavgntflt.sys
2013-03-27 15:22:35 37352 ----a-w- c:windowssystem32driversavkmgr.sys
2013-03-08 08:35:47 293376 ----a-w- c:windowssystem32winsrv.dll
2013-03-07 03:23:36 2070016 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-03-07 01:31:48 2193536 ----a-w- c:windowssystem32ntoskrnl.exe
2013-03-02 02:05:19 920064 ----a-w- c:windowssystem32wininet.dll
2013-03-02 02:05:18 43520 ----a-w- c:windowssystem32licmgr10.dll
2013-03-02 02:05:18 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2013-03-02 01:31:30 1876224 ----a-w- c:windowssystem32win32k.sys
2013-03-02 01:08:57 385024 ----a-w- c:windowssystem32html.iec
2013-02-12 00:32:23 12928 ----a-w- c:windowssystem32driversusb8023.sys
.
============= FINISH: 14:37:09,76 ===============
 
Attach:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 07.5.2005 г. 18:24:05
System Uptime: 11.5.2013 г. 12:55:05 (2 hours ago)
.
Motherboard: FOXCONN |  | M61PMV
Processor: AMD Sempron Processor LE-1200 | AMD Sempron Processor LE-1200 | 2109/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 68 GiB total, 59,224 GiB free.
D: is FIXED (NTFS) - 165 GiB total, 146,672 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Пакет за езиков интерфейс на Windows
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Bulgarian
Avira Free Antivirus
CCleaner
Chicken Invaders 3 Free Trial
Compatibility Pack for the 2007 Office system
Dekaron
Diner Dash - Hometown Hero
Google Chrome
Google Update Helper
K-Lite Codec Pack 8.4.0 (Standard)
Microsoft Office 2003 Bulgarian User Interface Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 20.0.1 (x86 bg)
MSXML 4.0 SP3 Parser (KB2758694)
Nero 7 Micro
NVIDIA Drivers
OnScreenKeys 5.0.48
PC Camer@
Platform
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2820917)
Skype™ 6.3
TeamViewer 8
The KMPlayer (remove only)
VIA п»ї
WebFldrs XP
Winamp
WinRAR 4.01 (32-битова версия)
.
==== Event Viewer Messages From Past Week ========
.
07.5.2013 г. 13:16:53, error: Service Control Manager [7031]  - The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
07.5.2013 г. 13:16:53, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
.
==== End Of File ===========================
 

Благодаря  :)

 

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Извинете за забавянето.

Може ли да архивирате файловете от папката C:Windowsminidump и да ги качите на хост по-избор.

Публикувайте линк за download в следващия си пост.

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Извинете за забавянето.

Може ли да архивирате файловете от папката C:Windowsminidump и да ги качите на хост по-избор.

Публикувайте линк за download в следващия си пост.

 

Поздрави!

Привет, ето линк към архива: http://dox.bg/files/dw?a=7813a0da6a

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

 

Прегледах дъмп файловете и всички се дължат на драйвъра на VIA за звука:

 

Probably caused by : viahduaa.sys ( viahduaa+19e60 )

 

Нека да видим каква е вашаха хардуерна конфигурация за да обновим драйвъра до последната му версия.

 

Свалете програмата Публикувано изображениеHWiNFO32

След успешна инсталация и стартиране, ще се появи следния прозорец:
Публикувано изображение

Натиснете Run.

Изчакайте търпеливо. След това изберете Save Report и HTML формат и натиснете Browse.

Посочете вашия десктоп и натиснете Next.

Ще се появява се Report Filter, изберете Finish.

Публикувано изображение

На десктопа ще се появи HTML файл с име "User Name", където "User Name" е името на компютъра Ви (например файла от снимката се казва HOLLER-PC.HTM). Качете файла тук и публикувайте линка за download в следващия си пост.


И един от дъмповете се дължи на следното:

 

Probably caused by : memory_corruption

 

За тестване на РАМ паметта може да опитате с Memtest86+ 4.20
Разархивирайте архива и запишете ISO файла с Burnaware например за да се получи буутващ диск с опцията Burn Image

Публикувано изображение
След това направете от БИОС-а CD/DVD устройството да е първото стартиращо устройство и направете проверка на РАМ паметта.
Ако теста е успешен не би трябвало да има грешки:

Публикувано изображение

За да сте напълно сигурни, че РАМ-а е ок е добре да оставите теста за през нощта за поне едно 8-10 часа и още по-добре извадете всички плочки и оставете само една и ги тествайте една по една.
Ако бъдат открити грешки ще видите грешки в червен фон подобно на тези:
Публикувано изображение

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Чудя се дали направо не можете да си карате само на драйвъра на Реалтек за звука, защото имате два драйвъра:

 

Realtek HDA Audio Drive
VIA HDA Audio Drive

 

На сайта на Foxconn драйвърите са доста стари - от 2009-та

 

На сайта на VIA намерий два за вашия кодек: VIA VT1708B CE

 

По-стара, но сертифицирана версия - 10.005D Dated: 25-Jul-2012

 

 

и  по-нова версия (не сертифицирана, но едва ли ще е проблем) - 10.1200A Dated: 7-Nov-2012

 

Пробвайте и двата и вижте дали сините екрани ще изчезнат. При възможност обновете и останалите драйвъри (но за предпочитане е да не използвате допълнителен софтуер, защото те често свалят погрешните драйвъри за дадена конфигфурация).

 

Все пак тествайте и РАМ-а и после пишете как е положението.

 

Също така да почистим и малко Adware и да проверим за активни гадинки:

 

 

 

СТЪПКА 1

 

 

Публикувано изображение Изтеглете и стартирайте програмата AdwCleaner (by Xplode).

  • [*]Затворете всички стартирани програми и браузъри [*]Кликнете два пъти върху
adwcleaner.exe за да стартирате инструмента. [*]Този път маркирайте Delete [*]Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта. [*]Моля, да публикувате съдържанието на този лог в отговора си [*]Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s1].txt.

 

 

 

СТЪПКА 2

 

 

 

Публикувано изображение Моля изтеглете Junkware Removal Tool на вашия десктоп.


  • [*]Спрете временно работата на защитните програми. [*]Стартирайте инструмента
JRT.exe [*]Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата. [*]Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши. [*]Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt). [*]Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

 

СТЪПКА 3

 

 

Публикувано изображение Изтеглете Malwarebytes' Anti-Malware

 

  • [*]Кликнете два пъти върху
mbam-setup.exe, за да инсталирате програмата. [*]Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish. [*]Ако има намерени обновявания, тя ще ги изтегли и инсталира. [*]Стартирайте програмата и изберете "Perform Quick Scan", след това кликнете на Scan. [*]Сканирането ще отнеме малко време, затова моля да бъдете търпеливи. [*]Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата. [*]Уверете се, че на всички редове има отметки, и кликнете на Remove Selected. [*]Когато всичко бъде премахнато, в Notepad ще бъде отворен лог. [*]Прикачете този лог в следващия си коментар в темата.

Забележка: Ако MalwareBytes'Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поискада рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

 

 

СТЪПКА 4

 

 

Публикувано изображение
1) Изтеглете: ESET Online Scanner
2) Стартирайте esetsmartinstaller_enu.exe
3) Сложете отметка на YES, I accept the Terms of Use и изберете Start
4) Скенерът ще започне да изтегля компонентите, които са му необходими.
5) Уверете се, че има отметки на следните редове, включително и тези от менюто Advanced Settings:

  • [*]
Scan archives [*]Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth technology

Уверете се че, Remove found threats няма отметка!

И накрая изберете Start

6) Скенерът ще започне да изтегля последните дефиниции.
7) След, като сканирането завърши изберете Finish.
8) Отидете в: C:Program FilesESETESET Online Scanner.

9) Прикачете лог с името log.txt файла в следващия си пост.

 

 

 

СТЪПКА 5

 

 

 

Публикувано изображение
Изтеглете Security Check от screen317 от този линк или и го запаметете на вашия десктоп.

  • [*]Кликнете два пъти върху
SecurityCheck.exe и следвайте инструкциите. [*]Накрая, автоматично ще се отвори текстов документ, наречен checkup.txt, моля прикачете го в следващия ви коментар в тази тема.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте, ето резултати: 

 

 

П.С. Снимката е прекалено голяма за да я кача тук, затова ви пускам линк:  

http://dox.bg/files/dw?a=a70a18da55

 

AdwCleanerS2.txt

checkup.txt

JRT.txt

log.txt

Редактирано от krasnika^ (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Липсва лога от MBAM и за съжаление снимката от Eset не върши работа, защото файловете са с криптирани имена, но щом не пазите лога (както ми писахте по Л.С.) нищо не можем да направим за да видим какво е изтрила програмата след първото стартиране. Втория лог от Есет е чист.

 

Как е сега положението - обновихте ли драйвърите за звука и продължават ли проблемите заради които отворихте темата?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прикачам липсващия лог. Появи се нов проблем с драйверите на звука - след инсталацията на новия драйвер ( без сертификата) не ми позволява да включа микрофона в предния панел. Машината се държи по - добре. Само да попитам: да махам ли инструментите които ползвахме ? И какво да правя с файловете под карантина ? Благодаря ви.

mbam-log-2013-04-06 (11-36-38).txt

Редактирано от krasnika^ (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте, файловете на Eset Online Scaner-a и папката в която са инсталирани остана след указаната от вас деинсталация както и карантината на програмата. Компютъра е много "по - пъргав" ако мога така да се изразя. Справихме се успешно с драйверите, и вече всичко е наред. Засега няма сини екрани и едва ли ще има повече проблеми след вашата намеса, за което ви Благодаря :wors: . Проблемите са решени. Само ми укажете начин по който да премахна програмата Eset Online Scaner  безопасно. Поздрави и лека работа :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Явно прибързах със заключенията относно сините екрани. Днес пак се появи ето кода на грешката: 0x000000D1(0xEB0F6E60,0x00000002,0x00000008,0xEB0F6E60). Бихте ли ми казали от какво може да е ? При рестарт на системата и опит да се затвори доклада за грешка на Microsoft дава пак синя страница с този код:0x000000d1(0xEB161E60,0x00000002,0x00000000,0xEB161E60).

Редактирано от krasnika^ (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Най-вероятно причината е в драйвър - и може би отново този на VIA.

 

 

DRIVER_IRQL_NOT_LESS_OR_EQUAL

 

 

 

Вижте дали има нов dmp файл в папката C:Windowsminidump и ако има го архивирайте.

 

Ако отново се окаже, че е заради драйвъра на VIA инсталирайте последната версия без сертификата и пробвайте да работите без микрофона или пробвайте изцяло да карате само на драйвърите на Realtek. Щом помагате по TeamViewer-a няма и как да тествате рама от разстояние - но като имате физически достъп до компютъра тествайте плочките на РАМ-а една по една с Memtest, както бях написал по-нагоре.

 

Също така:

 

Изтеглете Autoruns и:

 

  • [*]Стартирайте програмата; [*]Изберете
Options => Filter Options => сложете отметки пред Verify Code Signature и Hide Microsoft Entries; [*]От менюто File -> Refresh; [*]От менюто File -> Save...; [*]Запазете файла някъде с желано от вас име (във формат arn), архивирайте го с програма по желание и го прикачете към темата.

ПС: Остатъците от Есет можете да изтриете и ръчно.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сложихме драйвера на производителя ( с който е купено дъното) и за сега има звук. Има нови Дъмп файлове които прилагам към темата, както и резултата от програмата който поискахте. Поздрави :) http://dox.bg/files/dw?a=b5f4cf62a5 - Minidump

http://dox.bg/files/dw?a=46a1d5d226 Autoruns - резултат

 

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лошото е, че драйвъра от сайта на производителя, който съм дал е доста стар и може би дори вие в момента сте били със същата версия, която е правила и проблема.

Според дъмп файловете отново виновен е драйвъра на VIA - viahduaa.sys.

 

Вариантите са 2.

 

1. Деинсталирате го и използвате само този на Realtek.

2. Инсталирате сертифицираната версия, която е по-нова версия от тази на сайта на Foxconn, но и по-стара от несертифицираната версия от сайта на Via.

 

Поне знаете, къде е проблема! :)

 

Колкото до Autoruns можете да премахнете следните отметки (не да ги изтриете, а само ги отмаркирайте):

 

Adobe ARM

HDAudDeck

 

И после затворете програмата.

Изтрийте използваните от нас инструменти. Аз маркирам случая като решен...просто за драйвъра за VIA ако това не помогне не се сещам за друго адекватно решение...

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

 

Прегледах дъмп файловете и всички се дължат на драйвъра на VIA за звука:

 

 

Нека да видим каква е вашаха хардуерна конфигурация за да обновим драйвъра до последната му версия.

 

Свалете програмата Публикувано изображениеHWiNFO32

След успешна инсталация и стартиране, ще се появи следния прозорец:

Публикувано изображение

Натиснете Run.

Изчакайте търпеливо. След това изберете Save Report и HTML формат и натиснете Browse.

Посочете вашия десктоп и натиснете Next.

Ще се появява се Report Filter, изберете Finish.

Публикувано изображение

На десктопа ще се появи HTML файл с име "User Name", където "User Name" е името на компютъра Ви (например файла от снимката се казва HOLLER-PC.HTM). Качете файла тук и публикувайте линка за download в следващия си пост.

И един от дъмповете се дължи на следното:

 

 

За тестване на РАМ паметта може да опитате с Memtest86+ 4.20

Разархивирайте архива и запишете ISO файла с Burnaware например за да се получи буутващ диск с опцията Burn Image

Публикувано изображение

След това направете от БИОС-а CD/DVD устройството да е първото стартиращо устройство и направете проверка на РАМ паметта.

Ако теста е успешен не би трябвало да има грешки:

Публикувано изображение

За да сте напълно сигурни, че РАМ-а е ок е добре да оставите теста за през нощта за поне едно 8-10 часа и още по-добре извадете всички плочки и оставете само една и ги тествайте една по една.

Ако бъдат открити грешки ще видите грешки в червен фон подобно на тези:

Публикувано изображение

С огромно закъснение, за което много се извинявам, бих искал да ви съобщя, че състоянието на системата е много добро. Наложи се да преинсталираме целия компютъра с пълно форматиране и разцепване на харддиска, след което направих теста на РАМ паметта ( както ме посъветвахте - цяла нощ ) резултата е че : няма грешки в паметта, и за момента работи добре, и без сини екрани :)  Още веднъж Благодаря за помощта и положените усилия :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Все пак причината бе и си остава в драйвърите на Realtek...и затова го имайте предвид! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

:)  точно затова този път съм качил всички без тях :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Горещи теми в момента

  • Подобни теми

    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
    • от embolado
      Здравейте! От няколко дни NOD32 периодично ми изкарва съобщението от картинката, което ме кара да се съмянвам, че компютъра ми има вирус.

      Ето и логовете от FRST
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
      Running from C:\Users\USER\Desktop
      Loaded Profiles: USER (Available Profiles: USER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      () D:\Install\Testing Tools\quietHDD\quietHDD.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
      (HP) C:\Windows\System32\HPSIsvc.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (ESET) C:\Program Files\ESET\ESET Security\egui.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\WgaLogon:
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
      AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
      Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
      ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
      GroupPolicy: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
      Hosts: 127.0.0.1   www.martau.com
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      FireFox:
      ========
      FF DefaultProfile: bx4xcpl7.default
      FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
      FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
      FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
      FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\firefox@mega.co.nz.xpi [2017-11-17]
      FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
      FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
      FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
      R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
      S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
      S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
      U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
      S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
      S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
      S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
      R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
      S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
      S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BT; system32\DRIVERS\btnetdrv.sys [X]
      S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
      S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
      S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
      S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
      S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
      S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
      S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
      S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
      S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
      S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
      S3 VComm; system32\DRIVERS\VComm.sys [X]
      S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
      2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
      2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
      2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
      2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
      2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
      2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
      2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
      2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
      2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
      2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
      2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
      2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
      2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype
      ==================== Files in the root of some directories =======
      2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
      2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
      2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
      2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
      2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
      2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
      2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
      2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
      2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
      2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 02:06
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
    • от D101149
      Здравейте! Имам проблеми със системата си, за пореден път се обръщам към вас с надеждата отново да ми помогнете.  Просто искам да кажа, че направих голяма глупост и се нахаках с куп вируси, ако ударите едно рамо ще съм ви много благодарен за пореден път
      FRST.txt
      Addition.txt
    • от Tania Simeonova
      Нямам представа какъв е вирусът, но компютърът не работи правилно, не се отварят напълно страниците, голяма част от изображенията не се зареждат!
      резултатите от сканирането: FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
      Ran by krasi (administrator) on KRASI-PC (13-12-2017 18:19:54)
      Running from C:\Users\krasi\Downloads
      Loaded Profiles: krasi (Available Profiles: krasi)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser not detected!)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe
      (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (阿里巴巴(中国)有限公司) C:\Users\krasi\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
      (© 2015 Microsoft Corporation) C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe
      (Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      () C:\Program Files (x86)\STDU Viewer\STDUViewerApp.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliIMSafeUI.exe
      (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
      (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServerWatchDog.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\TradeManager\AliApp.exe
      () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
      HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
      HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
      HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
      HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1634304 2015-06-26] (Informer Technologies, Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Facebook Update] => C:\Users\krasi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-20] (Facebook Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [BingSvc] => C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Ivideon Server] => C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe [2745384 2016-04-06] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Auto Hide IP] => C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [ProxyFirewall] => C:\Program Files (x86)\ProxyFirewall\ProxyFirewall.exe************************************************************************************************************************************************** (the data entry has 59 more characters).
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [556472 2017-09-21] (Alibaba (China) Co., Ltd.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {360dbedc-faa0-11e6-8f8e-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {601ad4bf-24f1-11e3-9659-002215d5bbf6} - E:\Autorun.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {ad78493c-8f26-11e7-a40c-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {c6bba659-6e94-11e3-b0c9-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-11-15]
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\Users\krasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-01-10]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Tcpip\..\Interfaces\{4E2EDFE8-1AE1-40D1-8B42-FACE1D9B1466}: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
      BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default [2017-12-13]
      FF Homepage: Mozilla\Firefox\Profiles\8979hrxg.default -> hxxps://www.google.bg/
      FF NetworkProxy: Mozilla\Firefox\Profiles\8979hrxg.default -> http", "1.160.3.133"
      FF Extension: (Best Proxy Switcher) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2017-10-16]
      FF Extension: (Firebug) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\firebug@software.joehewitt.com.xpi [2017-10-24] [Legacy]
      FF Extension: (Fox Web Security) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\s3fox@security.xpi [2017-10-16] [Legacy]
      FF Extension: (Test Pilot) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\testpilot@labs.mozilla.com.xpi [2016-09-08] [Legacy]
      FF Extension: (NoScript) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-04]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\aol-search.xml [2013-06-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-1.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-10.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-100.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-101.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-102.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-103.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-104.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-105.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-106.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-107.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-108.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-109.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-11.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-110.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-111.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-112.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-113.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-114.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-115.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-116.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-117.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-118.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-119.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-12.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-120.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-121.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-122.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-123.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-124.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-125.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-126.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-127.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-128.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-129.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-13.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-130.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-131.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-132.xml [2015-08-12]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-133.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-134.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-135.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-136.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-137.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-138.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-139.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-14.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-140.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-141.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-142.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-143.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-144.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-145.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-146.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-147.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-148.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-149.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-15.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-150.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-151.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-152.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-153.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-154.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-155.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-156.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-157.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-16.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-17.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-18.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-19.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-2.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-20.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-21.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-22.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-23.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-24.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-25.xml [2015-03-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-26.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-27.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-28.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-29.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-3.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-30.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-31.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-32.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-33.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-34.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-35.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-36.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-37.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-38.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-39.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-4.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-40.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-41.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-42.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-43.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-44.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-45.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-46.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-47.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-48.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-49.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-5.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-50.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-51.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-52.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-53.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-54.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-55.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-56.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-57.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-58.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-59.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-6.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-60.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-61.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-62.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-63.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-64.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-65.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-66.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-67.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-68.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-69.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-7.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-70.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-71.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-72.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-73.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-74.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-75.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-76.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-77.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-78.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-79.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-8.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-80.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-81.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-82.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-83.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-84.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-85.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-86.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-87.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-88.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-89.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-9.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-90.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-91.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-92.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-93.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-94.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-95.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-96.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-97.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-98.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-99.xml [2015-05-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1.xml [2015-02-15]
      FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
      FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-09-21] ( )
      FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2017-09-21] ( )
      FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npaliedit.dll [2015-03-24] (Alipay.com co.,ltd)
      FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npAliSecCtrl.dll [2015-03-24] (Alipay.com Inc. )
      FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
      FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
      FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll [2010-12-04] (Inhatch)
      FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
      FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-20] (RocketLife, LLP)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-08] (Alibaba software (Shanghai) Corporation.)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alipay.com/npalicert -> C:\Users\krasi\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\krasi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\krasi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-01] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
      CHR Extension: (Google Диск) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
      CHR Extension: (Adobe Acrobat) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-10]
      CHR Extension: (Google Документи офлайн) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-10]
      CHR Extension: (Skype) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-10]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-10]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-10]
      CHR Extension: (Chrome Media Router) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-17]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\krasi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-07-29]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-29] (Adobe Systems) [File not signed]
      R2 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
      R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2017-09-05] (ESET)
      S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-08-07] (Macrovision Europe Ltd.) [File not signed]
      R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] ()
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-12-15] ()
      R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2017-02-05] (Alibaba (China) Co., LTD. All rights reserved.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-14] (Alibaba Group)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-27] (Disc Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2017-09-05] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2017-09-05] (ESET)
      R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181384 2017-09-05] (ESET)
      S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
      R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
      S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
      R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-03-01] (Anchorfree Inc.)
      S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:14 - 2017-12-13 18:19 - 000071574 _____ C:\Users\krasi\Downloads\Addition.txt
      2017-12-13 18:11 - 2017-12-13 18:20 - 000050702 _____ C:\Users\krasi\Downloads\FRST.txt
      2017-12-13 18:10 - 2017-12-13 18:19 - 000000000 ____D C:\FRST
      2017-12-13 18:09 - 2017-12-13 18:10 - 002392064 _____ (Farbar) C:\Users\krasi\Downloads\FRST64.exe
      2017-12-12 20:58 - 2017-11-17 06:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-12 20:58 - 2017-11-15 03:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-15 02:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-14 05:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 05:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-12-12 20:58 - 2017-11-14 05:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-12-12 20:58 - 2017-11-14 05:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-12-12 20:58 - 2017-11-14 05:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-14 05:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-12-12 20:58 - 2017-11-14 05:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-14 05:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-12-12 20:58 - 2017-11-14 05:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-12-12 20:58 - 2017-11-14 05:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 05:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-12-12 20:58 - 2017-11-14 05:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-14 05:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-12-12 20:58 - 2017-11-14 05:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-12-12 20:58 - 2017-11-14 05:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 05:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 04:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-12-12 20:58 - 2017-11-14 04:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-12-12 20:58 - 2017-11-14 04:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-14 04:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-14 04:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-12 20:58 - 2017-11-14 04:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-12 20:58 - 2017-11-14 04:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-14 03:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 03:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 02:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 02:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-07 22:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-12-12 20:58 - 2017-11-07 22:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-12-12 20:58 - 2017-11-07 22:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-12-12 20:58 - 2017-11-07 22:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-07 22:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-12-12 20:58 - 2017-11-07 22:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-12-12 20:58 - 2017-11-07 22:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-07 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-12-12 20:58 - 2017-11-07 22:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-12 20:58 - 2017-11-07 22:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-12-12 20:58 - 2017-11-07 22:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-12-12 20:58 - 2017-11-07 22:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-12-12 20:58 - 2017-11-07 22:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-12 20:58 - 2017-11-07 22:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-07 22:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-07 22:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-12 20:58 - 2017-11-07 22:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-12 20:58 - 2017-11-07 21:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-07 18:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-12-12 20:58 - 2017-11-07 18:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 16:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
      2017-12-12 20:58 - 2017-10-17 01:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
      2017-12-12 20:58 - 2017-10-17 00:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
      2017-12-12 20:58 - 2017-10-12 02:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
      2017-12-12 07:23 - 2017-12-12 07:23 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (2).exe
      2017-12-12 06:50 - 2017-12-12 06:50 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (2).exe
      2017-12-12 06:15 - 2017-12-12 06:15 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (1).exe
      2017-12-11 16:29 - 2017-12-13 07:47 - 000000000 ____D C:\AdwCleaner
      2017-12-11 16:26 - 2017-12-11 16:29 - 008187336 _____ (Malwarebytes) C:\Users\krasi\Downloads\adwcleaner_7.0.5.0.exe
      2017-12-11 14:20 - 2017-12-11 14:21 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (1).exe
      2017-12-10 16:31 - 2017-12-11 14:39 - 000002450 _____ C:\Users\krasi\Desktop\ZHPCleaner.txt
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000830 _____ C:\Users\krasi\Desktop\ZHPCleaner.lnk
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000000 ____D C:\Users\krasi\AppData\Roaming\ZHP
      2017-12-10 16:12 - 2017-12-10 16:12 - 000000000 ____D C:\Users\krasi\AppData\Local\ZHP
      2017-12-10 16:09 - 2017-12-10 16:11 - 002988416 _____ C:\Users\krasi\Downloads\ZHPCleaner.exe
      2017-12-09 10:41 - 2017-12-09 10:41 - 000262144 ____N C:\Windows\Minidump\120917-31761-01.dmp
      2017-12-06 15:41 - 2017-12-06 15:41 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (3).pdf
      2017-12-05 16:11 - 2017-12-05 16:11 - 000262144 ____N C:\Windows\Minidump\120517-27565-01.dmp
      2017-12-04 11:18 - 2017-12-04 11:18 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint (1).pdf
      2017-12-03 16:25 - 2017-12-03 16:25 - 000262144 ____N C:\Windows\Minidump\120317-15553-01.dmp
      2017-12-03 11:45 - 2017-12-03 11:45 - 000262144 ____N C:\Windows\Minidump\120317-17206-01.dmp
      2017-12-03 09:19 - 2017-12-03 09:19 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint.pdf
      2017-12-03 08:51 - 2017-12-03 08:51 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (2).pdf
      2017-12-03 07:45 - 2017-12-03 07:45 - 000262144 ____N C:\Windows\Minidump\120317-20482-01.dmp
      2017-11-26 16:42 - 2017-11-26 16:42 - 000262144 ____N C:\Windows\Minidump\112617-157389-01.dmp
      2017-11-25 17:37 - 2017-12-12 20:36 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-25 17:36 - 2017-12-12 20:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-25 17:36 - 2017-12-12 20:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-20 06:22 - 2017-11-20 06:24 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std (1).zip
      2017-11-20 06:22 - 2017-11-20 06:23 - 040116224 _____ C:\Users\krasi\Downloads\AdbeRdrUpd11021_MUI.msp
      2017-11-18 10:51 - 2017-11-18 10:53 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std.zip
      2017-11-18 07:16 - 2017-11-18 07:16 - 020771800 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player (1).exe
      2017-11-18 07:16 - 2017-11-18 07:16 - 020250592 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ax.exe
      2017-11-18 07:15 - 2017-11-18 07:16 - 020732888 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ppapi.exe
      2017-11-17 08:25 - 2017-11-17 08:26 - 010849904 _____ (Piriform Ltd) C:\Users\krasi\Downloads\ccsetup537.exe
      2017-11-17 08:22 - 2017-11-17 08:23 - 048123704 _____ (TuneUp Software) C:\Users\krasi\Downloads\TuneUpUtilities2014_en-US.exe
      2017-11-16 08:01 - 2017-11-16 08:01 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\flashplayer27pp_id_install.exe
      2017-11-16 07:45 - 2017-11-16 07:45 - 020771840 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player.exe
      2017-11-16 07:34 - 2017-11-16 07:35 - 000311248 _____ (Mozilla) C:\Users\krasi\Downloads\Firefox Installer(1).exe
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2017-11-15 19:01 - 2017-11-15 19:32 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2017-11-15 19:01 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
      2017-11-15 13:22 - 2017-11-15 13:22 - 000000000 ____D C:\Users\krasi\AppData\Local\ElevatedDiagnostics
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Opera Software
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Local\Opera Software
      2017-11-15 08:59 - 2017-11-19 12:49 - 000000000 ____D C:\Program Files\Opera
      2017-11-15 08:58 - 2017-11-15 08:59 - 001258640 _____ (Opera Software) C:\Users\krasi\Downloads\OperaSetup.exe
      2017-11-15 02:16 - 2017-10-18 04:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-15 02:16 - 2017-10-17 01:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-15 02:16 - 2017-10-16 23:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2017-11-15 02:16 - 2017-10-12 02:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-15 02:16 - 2017-10-12 02:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:13 - 2017-10-18 04:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-15 02:13 - 2017-10-18 04:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-15 02:13 - 2017-10-16 00:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-15 02:13 - 2017-10-04 15:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-13 15:49 - 2017-11-13 15:49 - 025614068 _____ C:\Users\krasi\Downloads\php-7.2.0RC6-Win32-VC15-x64.zip
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:19 - 2014-03-20 15:14 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001UA.job
      2017-12-13 18:18 - 2013-12-23 16:04 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Software Informer
      2017-12-13 18:08 - 2017-02-07 06:02 - 000000000 ____D C:\ProgramData\AliAntiVirusED
      2017-12-13 18:08 - 2017-02-05 17:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\TaobaoProtect
      2017-12-13 18:01 - 2015-08-28 17:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e1aaf219f40.job
      2017-12-13 18:01 - 2015-07-16 00:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf516b0a7118.job
      2017-12-13 18:00 - 2015-05-17 02:50 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0903b82a18cc0.job
      2017-12-13 17:55 - 2013-01-18 09:54 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2017-12-13 17:55 - 2013-01-05 12:16 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Skype
      2017-12-13 17:52 - 2013-12-23 12:25 - 000000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
      2017-12-13 17:43 - 2014-03-16 16:21 - 000000398 _____ C:\Windows\Tasks\WpsUpdateTask_krasi.job
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 15:19 - 2014-03-20 15:14 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001Core.job
      2017-12-13 15:01 - 2015-08-28 17:56 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e1aae22cce0.job
      2017-12-13 11:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
      2017-12-13 07:55 - 2015-11-29 13:07 - 000000000 ___RD C:\Users\krasi\Google Drive
      2017-12-13 07:54 - 2017-02-05 16:36 - 000000000 ____D C:\Program Files (x86)\TradeManager
      2017-12-13 07:53 - 2017-02-05 17:00 - 000000000 ____D C:\ProgramData\boost_interprocess
      2017-12-13 07:50 - 2015-07-16 00:55 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf516a17d3b8.job
      2017-12-13 07:50 - 2015-05-17 02:50 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0903b81e14a00.job
      2017-12-13 07:50 - 2013-01-18 09:54 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2017-12-13 07:49 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-13 07:36 - 2015-03-06 07:46 - 000000058 _____ C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      2017-12-13 03:42 - 2009-07-14 06:45 - 005445240 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Setup
      2017-12-13 03:14 - 2013-08-03 02:00 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-13 03:06 - 2017-10-12 02:17 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-13 03:06 - 2013-01-03 13:48 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-11 16:43 - 2013-01-03 10:40 - 000000000 ____D C:\Users\krasi
      2017-12-11 16:41 - 2013-09-22 12:58 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Yahoo!
      2017-12-10 23:54 - 2013-12-24 06:52 - 000000000 ____D C:\Users\krasi\AppData\Local\CrashDumps
      2017-12-09 15:38 - 2016-11-30 07:32 - 000000000 ____D C:\Users\krasi\AppData\LocalLow\Mozilla
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\RB.rdat
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\License_Time.rdat
      2017-12-09 10:41 - 2013-01-06 07:08 - 000000000 ____D C:\Windows\Minidump
      2017-12-08 00:03 - 2017-11-03 11:04 - 000002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2017-12-08 00:03 - 2017-09-14 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
      2017-12-08 00:03 - 2015-11-29 13:04 - 000002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2017-12-08 00:03 - 2015-11-29 13:04 - 000001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2017-12-04 10:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2017-12-04 09:34 - 2014-05-17 08:26 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-12-03 12:43 - 2009-07-14 07:13 - 000784210 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-03 12:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-01 09:40 - 2017-02-05 17:00 - 000000000 ____D C:\Users\krasi\AppData\Local\aef
      2017-11-30 19:01 - 2015-11-17 12:02 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-11-26 16:40 - 2016-12-20 07:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-11-26 16:40 - 2016-09-25 14:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-11-25 17:37 - 2013-03-27 09:34 - 000000000 ____D C:\Users\krasi\AppData\Local\Adobe
      2017-11-17 12:26 - 2015-11-29 05:55 - 000000000 ____D C:\Users\krasi\AppData\Roaming\PhotoScape
      2017-11-17 12:26 - 2014-01-09 09:29 - 000000000 ____D C:\Users\krasi\Tracing
      2017-11-17 12:26 - 2013-09-27 10:29 - 000000000 ____D C:\Users\krasi\AppData\Roaming\DAEMON Tools Lite
      2017-11-17 12:26 - 2013-09-22 17:19 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Media Player Classic
      2017-11-17 10:39 - 2013-01-03 20:33 - 000000000 ____D C:\Windows\Panther
      2017-11-17 08:23 - 2015-04-21 13:28 - 000000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2017-11-16 07:15 - 2013-01-03 10:47 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Mozilla
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-15 19:00 - 2013-01-03 13:06 - 000000000 ____D C:\ProgramData\McAfee
      2017-11-15 17:42 - 2014-05-28 17:53 - 000000000 ____D C:\Users\krasi\AppData\Roaming\uTorrent
      2017-11-15 13:31 - 2013-01-05 12:15 - 000000000 ____D C:\ProgramData\Skype
      2017-11-15 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      2017-11-15 10:55 - 2014-12-27 14:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-11-15 07:09 - 2016-04-20 16:11 - 000000000 ____D C:\Users\krasi\Documents\Файлове на Outlook
      2017-11-15 03:32 - 2014-12-11 03:28 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-15 03:09 - 2013-12-23 16:24 - 000768076 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f13fdda07310
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f13fdca9de10
      ==================== Files in the root of some directories =======
      2009-05-10 17:40 - 2000-06-09 01:00 - 000995383 _____ (Microsoft Corporation) C:\Users\krasi\Mfc42.dll
      2009-05-10 17:40 - 2001-05-04 20:05 - 000290869 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000253952 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT20.DLL
      2009-05-10 17:40 - 2001-05-04 20:05 - 000431376 _____ (Microsoft Corporation) C:\Users\krasi\RICHED20.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000003856 _____ (Microsoft Corporation) C:\Users\krasi\RICHED32.DLL
      2009-05-10 17:40 - 2005-04-03 17:16 - 000126976 _____ () C:\Users\krasi\Setup.exe
      2013-09-17 15:15 - 2014-06-22 23:58 - 000003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
      2013-09-17 15:28 - 2017-08-13 15:16 - 000000387 _____ () C:\Users\krasi\AppData\Roaming\burnaware.ini
      2015-01-25 18:12 - 2015-01-25 18:12 - 000001248 _____ () C:\Users\krasi\AppData\Roaming\PKEISIJ
      2015-01-25 18:12 - 2015-01-25 18:12 - 000002086 _____ () C:\Users\krasi\AppData\Roaming\QBBYB
      2015-03-06 07:46 - 2017-12-13 07:36 - 000000058 _____ () C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      Some files in TEMP:
      ====================
      2017-10-26 10:07 - 2017-10-26 10:07 - 000488960 _____ () C:\Users\krasi\AppData\Local\Temp\sqlite3.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-09 00:46
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.